{-|
Description : Nix-relevant interfaces to NaCl signatures.
-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module System.Nix.Internal.Signature where

import Data.ByteString (ByteString)
import qualified Data.ByteString as BS
import Data.Coerce (coerce)
import Crypto.Saltine.Core.Sign (PublicKey)
import Crypto.Saltine.Class (IsEncoding(..))
import qualified Crypto.Saltine.Internal.ByteSizes as NaClSizes

-- | A NaCl signature.
newtype Signature = Signature ByteString deriving (Eq, Ord)

instance IsEncoding Signature where
  decode s
    | BS.length s == NaClSizes.sign = Just (Signature s)
    | otherwise = Nothing
  encode = coerce

-- | A detached NaCl signature attesting to a nix archive's validity.
data NarSignature = NarSignature
  { -- | The public key used to sign the archive.
    publicKey :: PublicKey
  , -- | The archive's signature.
    sig :: Signature
  } deriving (Eq, Ord)